PT-2015-2477 · Oracle+3 · Oracle Java Se+4

Published

2015-10-21

·

Updated

2025-03-13

·

CVE-2015-4902

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6u101, 7u85, and 8u60
Description The issue is related to an unspecified vulnerability in the Deployment component of Oracle Java SE, which can be exploited by remote attackers to affect integrity via unknown vectors. This vulnerability is associated with errors in the code of the Java Platform. Exploitation of the vulnerability may allow a remote attacker to modify data using a Java Web Start application or Java applet.
Recommendations For Oracle Java SE version 6u101, update to a version that fixes the vulnerability. For Oracle Java SE version 7u85, update to a version that fixes the vulnerability. For Oracle Java SE version 8u60, update to a version that fixes the vulnerability. As a temporary workaround, consider restricting the use of the Deployment component until a patch is available.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17CWE-284

Related Identifiers

BDU:2015-11842
CVE-2015-4902
OPENSUSE-SU-2015_1905-1
OPENSUSE-SU-2016_0270-1
OPENSUSE-SU-2024:10197-1
RHSA-2015:1926
RHSA-2015:1927
RHSA-2015:1928
RHSA-2015:2506
RHSA-2015:2507
RHSA-2015:2508
RHSA-2015:2509
RHSA-2015:2518
RHSA-2015_1926
RHSA-2015_1927
RHSA-2015_1928
RHSA-2015_2506
RHSA-2015_2508
RHSA-2015_2509
RHSA-2015_2518
RHSA-2016:1430
SUSE-SU-2015:2166-1
SUSE-SU-2015:2168-1
SUSE-SU-2015:2168-2
SUSE-SU-2015:2182-1
SUSE-SU-2015:2192-1
SUSE-SU-2015:2216-1
SUSE-SU-2015:2268-1

Affected Products

Ibm Aix
Java Platform
Oracle Java Se
Red Hat
Suse